SIGN IN
    As you know, WireGuard is a VPN that allows us to securely tunnel both our personal network and surfing. This gives us secure and reliable Internet access from a smartphone or personal computer.

    How to install it on a clean server can be found in this article.

    In this tutorial, we'll look at how to install WireGuard in a Docker container using Docker Compose.


    Let's install Docker.

    But first, you need to update the OS packages.

    apt update
    

    Install the necessary packages and add a new repository:

    apt install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
    
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt key add -
    
    add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable"

    Update the packages with the new repository:

    apt update
    

    Now let's install Docker itself.

    apt-get install docker-ce docker-ce-cli containerd.io
    

    Let's check the version:

    docker --version
    

    Check status:

    systemctl status docker
    

    If it did not start, then run:

    systemctl start docker
    

    And add to autorun.

    systemctl enable docker
    



    Install Docker Compose
    For this project, version 1.25 will be enough for us.

    curl -L "https://github.com/docker/compose/releases/download/1.25.5/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin /docker-compose
    

    Set permissions to launch.

    chmod +x /usr/local/bin/docker-compose
    

    Check how Docker-Compose was installed:

    docker-compose --version
    



    Add a Linux user to the docker group:

    usermod -aG docker $USER
    

    Let's create a *.yaml file for Docker-Compose.

    In order to orient in the future in what we have installed, let's create a separate folder for this project in the /opt directory and go to it.

    mkdir /opt/wireguard-server && cd /opt/wireguard-serve
    

    You can also use your /home directory to host this and other projects.

    Let's use the linuxserver repository to create the docker-compose.yaml file at https://hub.docker.com/r/linuxserver/wireguard

    Create a docker-compose.yaml or docker-compose.yml file,

    vim docker-compose.yaml
    

    And add the following code to it:

    version: "2.1"
    services:
      wireguard:
        image: lscr.io/linuxserver/wireguard:latest
        container_name: wireguard
        cap_add:
          -NET_ADMIN
          - SYS_MODULE
        environment:
          - PUID=0
          - PGID=0
          - TZ=Europe/Amsterdam
          - SERVERURL=auto
          - SERVERPORT=32334
          - PEERS=1
          - PEERDNS=1.1.1.1
          - INTERNAL_SUBNET=10.10.10.0
          - ALLOWEDIPS=0.0.0.0/0
          - LOG_CONFS=true
        volumes:
          - /opt/wireguard-server/config:/config
          - /lib/modules:/lib/modules
        ports:
          - 32334:32334/udp
          - 51280:51280/udp
        sysctls:
          - net.ipv4.conf.all.src_valid_mark=1
        restart: always

    Where:

    container_name: name of your container;
    TZ=: time zone, you can change it to the desired one, but for anonymity it is better to leave Europe/Amsterdam;
    SERVERPORT=: random port on which your VPN will work. It will also need to be registered in ports.
    PEERS=: number of users. They can be increased to the required amount;
    32334:32334/udp 51280:51280/udp - forwarded ports.

    Run our script (to do this, you need to be in the directory where our file was created. In this case, it is /opt/wireguard-server/):

    docker-compose up -d
    

    We are waiting for the download of images, and deployment.

    We check:

    docker-compose ps
    

    or

    docker ps
    

    You can also do this with one command in docker:


    docker run -d \\
      --name=wireguard \\
      --cap-add=NET_ADMIN \\
      --cap-add=SYS_MODULE \\
      -e PUID=0 \\
      -e PGID=0 \\
      -e TZ=Europe/Amsterdam \\
      -e SERVERURL=auto \\
      -e SERVERPORT=32334 \\
      -e PEERS=1 \\
      -e PEERDNS=1.1.1.1 \\
      -e INTERNAL_SUBNET=10.10.10.0 \\
      -e ALLOWEDIPS=0.0.0.0/0 \\
      -e LOG_CONFS=true \\
      -p 32334:32334/udp \\
      -p 51280:51280/udp \\
      -v /opt/wireguard-server/config:/config \\
      -v /lib/modules:/lib/modules \\
      --sysctl="net.ipv4.conf.all.src_valid_mark=1" \\
      --restart always \\
      lscr.io/linuxserver/wireguard:latest


    To generate a QR code for a smartphone:

    docker exec -it wireguard /app/show-peer 1
    

    Where:

    1 is the first config/user.

    Result:


    All configuration files and QR codes are located in /opt/wireguard-server/config/peer*


    How to create additional users.

    To do this, you just need to change the PEERS directive in the docker-compose.yaml file

    In order for the changes to be applied, we recreate our container:

    docker-compose up -d --force-recreate
    

    Also, for anonymity, disable ping on the host server:

    echo "net.ipv4.icmp_echo_ignore_all = 1" >> /etc/sysctl.conf
    

    And apply the changes:

    sysctl -p
    

    Happy surfing.